Virus win32:Vundo@dll under Vista

Closed
lolocuste (17 posts, registered Friday 8 June 2007, Member, last active 26 May 2008) - 23 May 2008 at 00:21
Le sioux (4894 posts, registered Sunday 27 May 2007, Security contributor, last active 6 March 2023) - 26 May 2008 at 08:19
Hello,

I have a small technical problem: my Avast antivirus detects the Vundo virus all day long. I have tried several methods but nothing works, so I am here to ask for help. Spybot keeps blocking various rundll32... entries at startup. I tried to delete virtumonde, which it found traces of, but nothing works... If anyone has an idea... thank you!

7 replies

Le sioux (4894 posts, registered Sunday 27 May 2007, Security contributor, last active 6 March 2023)
23 May 2008 at 03:10
Hello Lolocuste

Start by sending me a HijackThis report. Do the following:

Download HijackThis to your Desktop.


Close all other windows and all other programs. No Internet connection.


Double-click it to launch the installation. Accept the licence that appears with "I agree".

Then click "Do a system scan and save a logfile"

Close HijackThis, copy and paste the whole report and post it here in reply.

Note: the report is located in C:\Program Files\Trend Micro\HijackThis

Tutorial: "generating a report" http://pageperso.aol.fr/balltrap34/demohijack.htm

To be continued.
lolocuste (17 posts, registered Friday 8 June 2007, Member, last active 26 May 2008)
23 May 2008 at 18:07
Hello, and thank you very much for taking care of me!
So here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:19, on 23/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\XBLFriends\XBLFriends.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows Update x86] aim.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBtTMca.dll,#1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [L07FXLRD_1834812] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Laurent\AppData\Local\Temp\tuvWqPhf.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Laurent\AppData\Local\Temp\ssqRJdEv.dll,#1
O4 - HKCU\..\Run: [3cf93adc] rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\dgvbenob.dll",b
O4 - HKCU\..\Run: [BM3fca0940] Rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\ctlhgfjs.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: Widget GAME ONE.lnk = ?
O4 - Startup: XBLFriends.lnk = C:\Program Files\XBLFriends\XBLFriends.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F247AD9-260A-4EBB-9B12-1D7D24B314D9}: NameServer = 192.168.30.1
O18 - Protocol: bw+0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3A49AB86-DA9A-4869-91E8-3F963157F9E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
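The report above shows the pattern a helper looks for first in a Vundo/Virtumonde case: rundll32.exe loading DLLs with random eight-letter names from C:\Users\Laurent\AppData\Local\Temp (and one from System32), each called through an ordinal export such as #1 or a single-letter export, plus an HKLM Run value named "Microsoft Windows Update x86" that launches a bare aim.exe with no path. The script below is an added example, not part of this thread and not one of the tools recommended in it; it parses HijackThis O4 lines and applies exactly those heuristics so the suspect entries can be listed before anything is fixed. The sample lines are constructed to match the shape of the report above; the function names and the thresholds (eight letters, Temp directory, Microsoft-looking value name) are the example's own assumptions.

```python
import re

# Constructed sample: O4 (Run-key) lines copied in shape from the HijackThis
# report posted above, mixing the suspect entries with three legitimate ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Windows Update x86] aim.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBtTMca.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Laurent\AppData\Local\Temp\tuvWqPhf.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Laurent\AppData\Local\Temp\ssqRJdEv.dll,#1
O4 - HKCU\..\Run: [3cf93adc] rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\dgvbenob.dll",b
O4 - HKCU\..\Run: [BM3fca0940] Rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\ctlhgfjs.dll",s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 invocation, optionally quoted and/or given with a full path
RUNDLL_RE = re.compile(r'^\s*"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.I)
# "<dll>,<export>" where <dll> may be quoted and <export> may be an ordinal (#1)
DLL_ARG_RE = re.compile(r'^"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>.*)$')
RANDOM_STEM_RE = re.compile(r'^[A-Za-z]{8}$')          # Vundo-style 8-letter names (assumed threshold)
TRIVIAL_EXPORT_RE = re.compile(r'^(#\d+|[A-Za-z])$')   # "#1", "b", "c", "s" ...
MS_LOOKALIKE_RE = re.compile(r'windows\s*update|microsoft', re.I)


def parse_rundll(cmd):
    """Return (dll_path, export) if cmd is a rundll32 invocation, else None."""
    m = RUNDLL_RE.match(cmd)
    if not m:
        return None
    a = DLL_ARG_RE.match(m['rest'])
    if not a:
        return m['rest'].strip().strip('"'), ''
    return a['dll'], a['entry'].strip()


def triage_entry(name, cmd):
    """Heuristics for one Run value; returns the list of reasons it looks bad."""
    reasons = []
    parsed = parse_rundll(cmd)
    if parsed:
        dll, export = parsed
        if re.search(r'\\temp\\', dll, re.I):
            reasons.append('rundll32 loads a DLL from a Temp directory')
        stem = dll.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        # An 8-letter name alone is not enough (bthprops.cpl has 8 letters too);
        # pair it with an ordinal or single-letter export, as the droppers use.
        if RANDOM_STEM_RE.match(stem) and TRIVIAL_EXPORT_RE.match(export):
            reasons.append('8-letter DLL name with ordinal/one-letter export')
    else:
        exe = cmd.strip().strip('"').split()[0] if cmd.strip() else ''
        # A value named after Windows Update that runs a bare file name (resolved
        # through PATH, no full path) is a classic impersonation of a system component.
        if '\\' not in exe and MS_LOOKALIKE_RE.search(name):
            reasons.append('Microsoft-looking value name runs a bare executable')
    return reasons


def triage(log_text):
    """Scan a HijackThis report; return the flagged O4 entries with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = triage_entry(m['name'], m['cmd'])
        if reasons:
            findings.append({'hive': m['hive'], 'name': m['name'],
                             'cmd': m['cmd'], 'reasons': reasons})
    return findings


def flagged_dlls(findings):
    """DLL paths behind the flagged rundll32 entries (what a removal tool must delete)."""
    dlls = set()
    for f in findings:
        parsed = parse_rundll(f['cmd'])
        if parsed:
            dlls.add(parsed[0])
    return sorted(dlls)


if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h['hive']} [{h['name']}] {h['cmd']}")
        for r in h['reasons']:
            print(f"    - {r}")
    print('DLLs to remove:', *flagged_dlls(hits), sep='\n  ')
```

Run on the constructed sample it flags the six suspect values and leaves avast!, NvCplDaemon and BluetoothAuthenticationAgent alone; the last of these is why the name heuristic is paired with the export check rather than used on its own. The DLL list is what matters for cleanup: the Run values are only the loader, and removing them without the files leaves the infection free to re-register itself.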
Le sioux (4894 posts, registered Sunday 27 May 2007, Security contributor, last active 6 March 2023)
23 May 2008 at 18:23
Hello Lolocuste

Vista...

1) Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

A restart will be necessary.

See here "how to fix/correct lines with HijackThis": http://pageperso.aol.fr/balltrap34/demohijack.htm

2) Launch HijackThis.

I advise you to save all the lines to fix and copy that selection into a text file on your PC so that you can apply the procedure correctly.

Launch HijackThis by right-clicking its shortcut on the Desktop, then "Run as administrator"
Click Scan Only and tick the following lines:

All the O18 lines

Close all other windows and all other programs. No Internet connection.

Click Fix Checked, then click OK
Then close HijackThis.

If some lines are missing, report them at the end of the procedure

3) Combofix.exe by sUBs

Download Combofix.exe by sUBs to your Desktop,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and disable your antivirus so that Combofix can run normally /!\

Click Combofix.exe, then "Run as administrator"
Set it to French: F
Press key 1 (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents and a new HijackThis report

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report is also located at: C:\Combofix.txt

To be continued
lolocuste (17 posts, registered Friday 8 June 2007, Member, last active 26 May 2008)
23 May 2008 at 20:28
Well, I have another problem: it is impossible to launch Combofix. It stays frozen on "please wait, combofix will launch shortly" and then... nothing; 2 hours later it is still at the same spot... Yet I stopped everything, disconnected from the net and launched no other program... should I delete combofix and reinstall?
lolocuste (17 posts, registered Friday 8 June 2007, Member, last active 26 May 2008)
23 May 2008 at 22:01
After many attempts I finally managed it!! So here are the results:

Combofix:

ComboFix 08-05-21.3 - Laurent 2008-05-23 21:34:08.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2004 [GMT 2:00]
Endroit: C:\Users\Laurent\Desktop\ComboFix.exe
.
/wow section non terminée

((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

2008-05-23 20:20 . 2008-05-18 12:57 59,904 --a------ C:\Windows\System32\yayYQhFW.dll
2008-05-23 18:41 . 2008-05-18 12:57 59,904 --a------ C:\Windows\System32\vTlIBUKb.dll
2008-05-23 18:01 . 2008-05-23 21:22 <REP> d-------- C:\Program Files\Trend Micro
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24cd-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000002.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24cd-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000001.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24c9-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000002.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24c9-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000001.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 262,144 --a------ C:\ntuser.dat
2008-05-20 00:06 . 2008-05-20 00:06 65,536 --ahs---- C:\ntuser.dat{2ccf24cd-25e1-11dd-a8af-000a940226f2}.TM.blf
2008-05-20 00:06 . 2008-05-20 00:06 65,536 --ahs---- C:\ntuser.dat{2ccf24c9-25e1-11dd-a8af-000a940226f2}.TM.blf
2008-05-20 00:06 . 2008-05-20 00:06 5,120 --ah----- C:\ntuser.dat.LOG1
2008-05-20 00:06 . 2008-05-20 00:06 0 --ah----- C:\ntuser.dat.LOG2
2008-05-19 09:38 . 2008-05-19 09:38 <REP> d-------- C:\Users\Laurence\AppData\Roaming\Nero
2008-05-18 12:33 . 2008-05-18 23:44 <REP> d-a------ C:\Users\All Users\TEMP
2008-05-18 12:33 . 2008-05-18 23:44 <REP> d-a------ C:\ProgramData\TEMP
2008-05-17 15:37 . 2008-05-17 15:37 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-05-17 15:35 . 2008-05-17 15:35 <REP> d-------- C:\Users\Laurent\AppData\Roaming\Nero
2008-05-17 15:29 . 2008-05-17 15:29 <REP> d-------- C:\Users\All Users\Nero
2008-05-17 15:29 . 2008-05-17 15:29 <REP> d-------- C:\ProgramData\Nero
2008-05-17 15:29 . 2008-05-17 15:33 <REP> d-------- C:\Program Files\Common Files\Nero
2008-05-17 14:06 . 2008-05-17 14:06 <REP> d-------- C:\Program Files\UltraISO
2008-05-17 14:06 . 2008-05-17 14:06 <REP> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-17 13:54 . 2008-05-17 13:54 <REP> d-------- C:\Windows\WinRAR
2008-05-12 14:51 . 2008-05-12 14:53 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-12 14:51 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-12 14:51 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-12 14:50 . 2008-05-12 14:53 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-04 11:57 . 2008-05-04 11:57 <REP> d-------- C:\Users\Laurence\AppData\Roaming\Yahoo!
2008-05-03 13:14 . 2008-05-03 13:14 <REP> d-------- C:\Program Files\WinASO
2008-05-03 12:08 . 2008-05-03 12:11 <REP> d-------- C:\Program Files\Microsoft Etudes
2008-05-03 12:05 . 2008-05-03 12:05 <REP> d-------- C:\Program Files\Learning Essentials
2008-05-03 12:03 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-05-02 18:04 . 2008-05-02 18:04 <REP> d-------- C:\Program Files\ITE
2008-05-02 18:04 . 2007-05-02 04:09 29,184 --a------ C:\Windows\System32\drivers\iteraid.sys
2008-05-02 17:10 . 2008-05-02 17:11 <REP> d-------- C:\bios
2008-05-02 16:35 . 2008-05-02 16:35 <REP> d-------- C:\Program Files\ScanSoft
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-05-02 16:29 . 2008-05-02 16:30 <REP> d-------- C:\Program Files\Microsoft AutoRoute
2008-05-02 15:44 . 2008-05-02 15:45 <REP> d-------- C:\Program Files\Azureus
2008-05-02 13:26 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-02 13:25 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-02 13:24 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-02 13:23 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-02 13:22 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-02 13:22 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-02 13:22 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-02 13:22 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-02 13:22 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-02 13:22 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-02 13:22 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-02 13:22 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-02 13:22 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-02 12:56 . 2008-05-02 12:56 171,136 -rahs---- C:\grldr
2008-04-26 14:17 . 2008-05-23 20:19 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
2008-04-26 14:04 . 2007-10-12 04:00 3,647,384 --a------ C:\Windows\System32\drivers\lvuvc.sys
2008-04-26 14:04 . 2007-10-12 03:59 1,920,920 --a------ C:\Windows\System32\drivers\lvpopflt.sys
2008-04-26 14:04 . 2007-10-12 03:57 195,096 --a------ C:\Windows\System32\lvci1150.dll
2008-04-26 14:04 . 2007-10-12 03:11 59,500 --a------ C:\Windows\System32\lvcoinst.ini
2008-04-26 14:04 . 2007-10-12 04:00 41,752 --a------ C:\Windows\System32\drivers\LVUSBSta.sys
2008-04-26 14:04 . 2007-10-12 03:18 21,138 --a------ C:\Windows\System32\Repository.reg
2008-04-26 13:17 . 2008-04-26 13:17 <REP> d-------- C:\Users\Laurent\{fb72e7d3-7422-4dd5-baec-bf5704671f39}
2008-04-26 12:48 . 2008-04-26 12:48 <REP> d-------- C:\Users\Laurent\{ed47e128-7ca5-43bd-9f44-dace4a728ddb}
2008-04-26 12:48 . 2008-04-26 12:48 118,784 -r------- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
2008-04-26 12:17 . 2008-04-26 12:17 <REP> d-------- C:\Users\Laurent\{0a0e72ad-18b5-4a02-be38-1172652027ec}
2008-04-26 12:06 . 2008-04-26 12:06 86,400 --a------ C:\Windows\~GLC0000.TMP
2008-04-26 12:06 . 1998-07-09 16:45 28,160 --a------ C:\Windows\UnRgS3E10.exe
2008-04-26 11:56 . 2008-04-26 11:56 <REP> d-------- C:\Users\Laurent\{c317a8e7-b956-499f-b90c-ca1d3a074275}
2008-04-26 11:34 . 2008-04-26 14:26 <REP> d-------- C:\Program Files\Common Files\LogiShrd
2008-04-25 23:42 . 2008-04-25 23:42 1,746 --a------ C:\Windows\unins001.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 18:32 --------- d-----w C:\Users\Laurent\AppData\Roaming\SiteAdvisor
2008-05-22 20:50 --------- d-----w C:\ProgramData\Google Updater
2008-05-20 18:09 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 10:56 --------- d-----w C:\Users\Laurent\AppData\Roaming\Azureus
2008-05-17 16:00 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-17 14:55 --------- d-----w C:\Program Files\SlySoft
2008-05-17 13:29 --------- d-----w C:\Program Files\Nero
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-13 20:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 20:47 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 12:50 --------- d-----w C:\ProgramData\TuneUp Software
2008-05-12 12:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 09:56 --------- d-----w C:\ProgramData\NVIDIA
2008-05-03 11:20 --------- d-----w C:\Program Files\Services en ligne
2008-05-03 10:46 --------- d-----w C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com
2008-05-03 10:46 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-03 10:43 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-03 09:51 --------- d-----w C:\Users\Laurent\AppData\Roaming\uTorrent
2008-05-02 16:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 14:16 --------- d-----w C:\Program Files\MagicISO
2008-05-02 14:09 --------- d-----w C:\Program Files\PowerISO
2008-05-02 12:04 174 --sha-w C:\Program Files\desktop.ini
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Journal
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Defender
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Calendar
2008-05-02 11:40 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-02 11:40 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-26 12:26 --------- d-----w C:\ProgramData\LogiShrd
2008-04-26 12:26 --------- d-----w C:\Program Files\Logitech
2008-04-26 12:21 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-26 11:09 --------- d-----w C:\ProgramData\Logitech
2008-04-25 20:59 --------- d-----w C:\Program Files\Google
2008-04-18 18:46 --------- d-----w C:\Users\Laurent\AppData\Roaming\Shareaza
2008-04-18 18:46 --------- d-----w C:\Program Files\Shareaza
2008-04-14 20:25 --------- d-----w C:\Program Files\Neuf
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-07 20:08 --------- d-----w C:\Users\Laurent\AppData\Roaming\GigaTribe
2008-04-07 16:37 --------- d-----w C:\Program Files\Picasa2
2008-04-05 11:06 --------- d-----w C:\ProgramData\OrbNetworks
2008-04-05 11:06 --------- d-----w C:\Program Files\Winamp Remote
2008-04-05 10:56 --------- d-----w C:\Program Files\Winamp
2008-03-28 17:52 --------- d-----w C:\ProgramData\Lavasoft
2008-03-28 17:51 --------- d-----w C:\Program Files\Lavasoft
2008-03-28 17:49 --------- d-----w C:\Users\Laurent\AppData\Roaming\Lavasoft
2008-03-28 17:31 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 22:24 93,128 ------w C:\Windows\System32\ElbyCDIO.dll
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
2004-08-05 12:00 626,688 --sha-r C:\Windows\System32\aim.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:08 68856]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-08-29 16:42 1008880]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 07:39 3297280]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 15:19 389120]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-26 13:18 36864]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"L07FXLRD_1834812"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.exe" [2006-06-13 18:11 351000]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 04:34 1649600]
"3cf93adc"="C:\Users\Laurent\AppData\Local\Temp\dgvbenob.dll" [ ]
"BM3fca0940"="C:\Users\Laurent\AppData\Local\Temp\ctlhgfjs.dll" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 13:37 4186112 C:\Windows\RtHDVCpl.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Microsoft Windows Update x86"="aim.exe" [2004-08-05 14:00 626688 C:\Windows\System32\aim.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-25 22:57 29744]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-01-19 09:32 990208 C:\Windows\System32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"MSServer"="C:\Windows\system32\yayYQhFW.dll" [2008-05-18 12:57 59904]

C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GigaTribe.lnk - C:\Program Files\GigaTribe\gigatribe.exe [2008-02-14 21:25:12 1077248]
Widget GAME ONE.lnk - C:\Users\Laurent\Documents\Widget GAME ONE\Widget GAME ONE.exe [2008-01-02 17:02:16 383020]
XBLFriends.lnk - C:\Program Files\XBLFriends\XBLFriends.exe [2007-10-23 22:21:10 450560]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2007-05-31 23:40:21 73728]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-26 13:18:57 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-01 01:29:52 692224]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-16 20:08:38 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\Windows\system32\yayYQhFW.dll [2008-05-18 12:57 59904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Domain"= TCP:10284:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10283:UDP-Domain"= TCP:10283:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10282:UDP-Domain"= TCP:10282:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10281:UDP-Domain"= TCP:10281:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10280:UDP-Domain"= TCP:10280:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10243:TCP-Domain"= UDP:10243:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"C:\\Program Files\\TribalWeb\\tribalweb.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\TribalWeb\tribalweb.exe:tribalweb
"C:\\Program Files\\TribalWeb\\tribalweb.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\TribalWeb\tribalweb.exe:tribalweb
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:Apache HTTP Server
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:Apache HTTP Server
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\\Program Files\\Azureus\\Azureus.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Azureus\Azureus.exe:Azureus
"C:\\Program Files\\Azureus\\Azureus.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Azureus\Azureus.exe:Azureus
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Standard"= TCP:10284:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10283:UDP-Standard"= TCP:10283:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10282:UDP-Standard"= TCP:10282:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10281:UDP-Standard"= TCP:10281:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10280:UDP-Standard"= TCP:10280:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10243:TCP-Standard"= UDP:10243:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"TCP Query User{3F6D4FEF-3EE1-49C1-A9DD-8D75ED290C12}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1846B357-DD1C-44DB-A4DA-4437925FBBF9}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{A6549D30-E270-49AF-AE17-64E5DCF92F7E}C:\\users\\laurent\\desktop\\utorrent.exe"= UDP:C:\users\laurent\desktop\utorrent.exe:utorrent.exe
"UDP Query User{CD17746E-429E-4159-95F8-8FAD507C3D28}C:\\users\\laurent\\desktop\\utorrent.exe"= TCP:C:\users\laurent\desktop\utorrent.exe:utorrent.exe
"TCP Query User{7B3F40A5-868C-4ACD-8560-4C6C8A279815}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{53E38EC4-613F-4F6F-B48B-369407A941E2}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{634C33F6-1BE9-40DC-AC42-158F263427DB}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{3DD7ED4A-A037-4F68-B9C7-23D246E89DFE}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"{3D757554-C7D6-4D97-984F-06ACB160217F}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{8F97A477-472C-4902-AA42-017469A70BB0}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{D92DD346-53D5-4275-823C-AEA1C08D31D9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{8BBE429B-BB2B-4677-880B-D83B0E3DDE4B}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{AE753650-09FC-4318-8771-42FAB7324A96}C:\\program files\\sierra on-line\\sigspat.exe"= UDP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"UDP Query User{E4E0091C-EB11-475D-86B9-D709CFEBE2AF}C:\\program files\\sierra on-line\\sigspat.exe"= TCP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"TCP Query User{393C5219-339A-477F-AEC9-CA96A55FD6C9}C:\\program files\\sierra on-line\\sigspat.exe"= UDP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"UDP Query User{B8E4256D-9B23-45CB-8686-D007A8C448F6}C:\\program files\\sierra on-line\\sigspat.exe"= TCP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"TCP Query User{169A24BB-B7E1-4EEC-86F3-A82A1B5F8988}C:\\sierra\\counter-strike\\cstrike.exe"= UDP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"UDP Query User{8DEEF9B7-FC5B-466D-8886-545A39C4124F}C:\\sierra\\counter-strike\\cstrike.exe"= TCP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"TCP Query User{D25952EC-C57D-42AD-8821-2D49B4FF8737}C:\\sierra\\counter-strike\\cstrike.exe"= UDP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"UDP Query User{1243D75F-29C8-416D-884B-2FDBA3B1711B}C:\\sierra\\counter-strike\\cstrike.exe"= TCP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"{A7AE2926-F0F3-4979-B827-9091A34E69DA}"= UDP:C:\Program Files\XBLFriends\XBLFriends.exe:XBLFriends
"{5628FC70-84F5-4B6A-8FD7-B09F2F47030C}"= TCP:C:\Program Files\XBLFriends\XBLFriends.exe:XBLFriends
"{B3870F46-1303-468A-A82C-27CA83CF3711}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{7A10F75A-0ECF-444E-8A88-5586D9AF9111}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{CCB16A56-91A8-4940-90E0-236E2CC9943B}"= UDP:C:\Program Files\Neuf\Media Center\MediaCenter.exe:Charger le Media Center
"{27E399E3-9A8C-4A9B-9373-43BBD88A2B76}"= TCP:C:\Program Files\Neuf\Media Center\MediaCenter.exe:Charger le Media Center
"{0F016011-4C94-482E-85AE-7259F4A568F1}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BB888F65-B6D7-44FA-8FD0-525CC1E05AE6}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CBA2FE60-43E0-4AD7-AC27-9F7DDDB50655}"= UDP:C:\Program Files\Windows Mail\WinMail.exe:Windows Mail
"{193D2ACE-0723-47B8-BFC6-E5AB84A3860D}"= TCP:C:\Program Files\Windows Mail\WinMail.exe:Windows Mail
"TCP Query User{EDAA6525-454E-45C6-A8DD-F55A254442B7}C:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{2028CD0F-EAD3-4D34-B5B1-6C842BE130A3}C:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{1B7AAE64-FCA6-4553-9696-8FE34981AEE3}C:\\program files\\winamp remote\\bin\\orb.exe"= UDP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"UDP Query User{39681623-CFB6-492C-957F-3D815D838CAD}C:\\program files\\winamp remote\\bin\\orb.exe"= TCP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"TCP Query User{5132AE98-785A-48C9-A9C1-4F0249F4FC89}C:\\program files\\winamp remote\\bin\\orbir.exe"= UDP:C:\program files\winamp remote\bin\orbir.exe:
"UDP Query User{621873FD-D873-465F-96E5-018F92FE11CD}C:\\program files\\winamp remote\\bin\\orbir.exe"= TCP:C:\program files\winamp remote\bin\orbir.exe:
"TCP Query User{28740282-FB28-4A9D-9025-42EBF946086E}C:\\program files\\winamp remote\\bin\\orbstreamerclient.exe"= UDP:C:\program files\winamp remote\bin\orbstreamerclient.exe:ORB Windows Media stream encoding client
"UDP Query User{160D91CD-F160-46B1-A29B-20E0EC06B5DA}C:\\program files\\winamp remote\\bin\\orbstreamerclient.exe"= TCP:C:\program files\winamp remote\bin\orbstreamerclient.exe:ORB Windows Media stream encoding client
"{82721D35-60DB-429F-847F-0C3403541676}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3E455167-9D9A-4C76-9733-442D37EE2B5D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{911D3F7D-3139-4E87-BC71-D617F41B8E5F}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{679887B1-F87D-4ADE-95A9-1F06BD58C231}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"{DFA4E801-209B-4743-AD56-3D5A25FAED5C}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{0550E2E2-1D65-4F14-9EF7-74134D600C54}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{3FE36F6C-9D4F-4C26-9879-E1D54A8187D0}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{D59B9DF3-D779-4157-BEDC-49991FA47326}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{A7E3A32B-83CB-4648-9D94-65C9FBD88A93}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{2016CB19-CEC8-4673-8311-F28122259AEB}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{3F363592-01E8-404E-9503-3B60FF6B5DF1}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{91466022-D7F5-4680-A9A9-D0D3FDDBC1C5}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"TCP Query User{DFA6AC9F-968F-491E-AF6F-774948E24D2A}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{6D2BC016-9B65-4F9F-BFC0-51DB0FE8B60F}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"TCP Query User{7971FF39-9AF7-4E4E-8FD1-76488DB5403F}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{037CC863-B4C0-4594-A1EF-FBF51C4D0FAE}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{8CDBB72B-624A-46C4-AFF9-5AC5ECDF4AB7}C:\\program files\\gigatribe\\gigatribe.exe"= UDP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"UDP Query User{260C8925-EA9A-42B2-A99F-BEA3483BED8F}C:\\program files\\gigatribe\\gigatribe.exe"= TCP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"TCP Query User{FF5AE95D-9C59-4A74-BA93-FCB0B330274F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{C1640C5E-0821-4469-9E0D-AFC024B6D065}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{7DE2688A-BB80-4420-93C4-3C67DEA30D63}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9D7588EC-B5D8-4F63-9710-2BDFF7F87621}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{0AA86402-BCED-4192-BA15-D57E5D9C09AE}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{1A6AB250-3164-43F8-A9CF-AFDE4AEDB525}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{1CF93DE3-85D3-4886-9B6E-3E73557FAD29}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{951B0912-711D-4028-A3C7-33918B8AB0F0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{98EB5FC7-EFCF-432F-BAFE-95E9DA397F0B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{59CDE9A5-B519-4AB3-9ACF-98CDEF46F311}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{131378FB-6AC1-4D03-B7A7-6A87AFE3FBD9}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{EBAFA4F2-DBC0-49E3-B639-D0E82A0D4DD8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{714C16E0-6405-4B05-AA7B-5EC3C1D42B43}F:\\creativesfiles\\shareaza.exe"= UDP:F:\creativesfiles\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{1D815FF9-8155-4622-A7A3-79719EE1FBF3}F:\\creativesfiles\\shareaza.exe"= TCP:F:\creativesfiles\shareaza.exe:Shareaza Ultimate File Sharing
"{BE489B15-0DDF-46A8-9EC8-956854F68C59}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F222FB66-94DB-4122-BFFE-06C229D9DF2A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DD201A3B-F6B3-4DA3-B322-F4E6743C3B67}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9E5B2223-F28B-4114-B720-BD1102120A53}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{B5A48021-F3FB-48FC-A526-17E2AA3493DB}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{923F6EC8-F039-410A-927D-4A273CDABE9B}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{A2AC7B56-7E11-4437-895C-CC9330607585}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{7D985227-D51D-4D2F-99F2-3BC1C66C6212}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\Azureus\\Azureus.exe"= C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
"C:\\Program Files\\Shareaza\\Shareaza.exe"= C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
"C:\\Program Files\\TribalWeb\\tribalweb.exe"= C:\Program Files\TribalWeb\tribalweb.exe:*:Enabled:tribalweb
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;C:\Windows\system32\DRIVERS\hextun.sys [2007-12-20 05:02]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-15 16:45]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-25 22:57]
S3 gw6c;Hexago Gateway6 Client;C:\Program Files\Hexago\Gateway6 Client\gw6c.exe [2007-12-20 05:02]
S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 07:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WudfServiceGroup REG_MULTI_SZ WUDFSvc
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-23 19:00:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-01-31 22:12:14 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-23 19:38:12 C:\Windows\Tasks\User_Feed_Synchronization-{CD229FDC-4450-49F4-BE0E-DEFC4596C43B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 21:34:53
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\yayYQhFW.dll

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\msi.dll
.
Temps d'accomplissement: 2008-05-23 21:42:34

Pre-Run: 30,697,488,384 octets libres
Post-Run: 30,668,754,944 octets libres

410 --- E O F --- 2008-05-23 15:40:45




HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:15, on 23/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows Update x86] aim.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayYQhFW.dll,#1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [L07FXLRD_1834812] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [3cf93adc] rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\dgvbenob.dll",b
O4 - HKCU\..\Run: [BM3fca0940] Rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\ctlhgfjs.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: Widget GAME ONE.lnk = ?
O4 - Startup: XBLFriends.lnk = C:\Program Files\XBLFriends\XBLFriends.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F247AD9-260A-4EBB-9B12-1D7D24B314D9}: NameServer = 192.168.30.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
0
Le sioux Posts: 4894 Registered: Sunday 27 May 2007 Status: Security contributor Last activity: 6 March 2023 495
24 May 2008 at 01:34
Re

As expected, there's work to do ;)

1) VIRUS TOTAL

Go to VIRUS TOTAL https://www.virustotal.com/gui/

* Click "Browse": C:\grldr

* Locate the file to analyse, then click "send".

You will have to wait, as you are placed in a queue.
The report is only complete once you see "FINISHED" on the right.

Post it in your next reply.

Tutorial: http://pageperso.aol.fr/loraline60/virus_total.htm

Note: you may need access to hidden folders and files; to do so, "Show hidden folders". Use B) here https://forum.pcastuces.com/sujet.asp?f=25&s=3902 if needed.

--> Do the same for C:\bios

2) Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

A restart will be required.

3) ComboFix with CFScript:

* Select the following text (in bold) in its entirety:

Driver::
lvuvc

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3cf93adc"=-
"BM3fca0940"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Update x86"=-
"MSServer"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"=-

File::
C:\Windows\System32\yayYQhFW.dll
C:\Windows\System32\vTlIBUKb.dll
C:\Windows\System32\aim.exe
C:\Users\Laurent\AppData\Local\Temp\dgvbenob.dll
C:\Users\Laurent\AppData\Local\Temp\ctlhgfjs.dll
C:\Windows\System32\authuitu.dll
C:\Windows\System32\drivers\lvuvc.hs


* Copy the selected text (CTRL+C).
* Open Notepad (Start / All Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file on your Desktop under the name CFScript.txt

/!\ Disconnect from the internet and disable your antivirus so that ComboFix can run normally. /!\

Drag and drop this CFScript file onto the ComboFix.exe file (on your Desktop)

As shown here http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* A blue window will appear: at the message Type 1 to continue, or 2 to abort, type 1 and confirm.

* Wait while the scan runs. The Desktop will disappear several times: this is normal!

/!\ Do not touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

(If the file does not open, it is located here > C:\ComboFix.txt)

And please post the two VirusTotal reports.

To be continued
1
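As an added example (not part of this thread, and not a feature of HijackThis or ComboFix), here is a small Python triage script that applies the pattern behind the CFScript above to HijackThis O4 lines: rundll32 loading a DLL from a Temp folder or through an ordinal or single-letter entry point, Run values with a random hex name, and executables referenced without a path. The sample lines are copied from the HijackThis log posted earlier in the thread; the rules themselves are assumptions drawn from the entries the helper chose to remove.

```python
"""Triage HijackThis O4 (autorun) lines for the Vundo-style loading pattern.

Added example for this thread; the detection rules are assumptions distilled
from the entries the helper put in the CFScript, not a HijackThis feature.
"""
import re
from typing import Dict, List, Optional, Tuple

# O4 lines copied from the HijackThis log posted in this thread.
# Entries 1, 2 and 6 are legitimate rundll32 lines kept as negative cases.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Microsoft Windows Update x86] aim.exe",
    r"O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayYQhFW.dll,#1",
    r'O4 - HKCU\..\Run: [3cf93adc] rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\dgvbenob.dll",b',
    r'O4 - HKCU\..\Run: [BM3fca0940] Rundll32.exe "C:\Users\Laurent\AppData\Local\Temp\ctlhgfjs.dll",s',
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')",
]

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-fA-F]{8}$")   # e.g. 3cf93adc, BM3fca0940
ENTRY_RE = re.compile(r"^(?:#\d+|[A-Za-z])$")             # ordinal (#1) or one-letter export


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 line into hive, value name and command; drops the "(User '...')" suffix."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = re.sub(r"\s*\(User '.*'\)$", "", m.group("cmd")).strip()
    return {"hive": m.group("hive"), "name": m.group("name"), "cmd": cmd}


def split_rundll32(cmd: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, entry_point) when cmd is a rundll32 invocation, else None."""
    parts = cmd.split(None, 1)
    if len(parts) < 2 or parts[0].strip('"').lower() != "rundll32.exe":
        return None
    rest = parts[1].strip()
    if rest.startswith('"'):            # quoted path: entry point follows the closing quote
        end = rest.find('"', 1)
        if end < 0:
            return None
        dll, tail = rest[1:end], rest[end + 1:]
    else:                               # unquoted path: everything up to the first comma
        dll, _, tail = rest.partition(",")
    # rundll32 accepts "dll,,Entry" as well as "dll,Entry"; strip the leading commas.
    return dll, tail.lstrip(",").strip()


def assess_o4(line: str) -> List[Tuple[str, str]]:
    """Return (severity, reason) findings for one O4 line; an empty list means nothing matched."""
    entry = parse_o4(line)
    if entry is None:
        return []
    findings: List[Tuple[str, str]] = []
    if RANDOM_NAME_RE.match(entry["name"]):
        findings.append(("high", "Run value name looks randomly generated"))
    loaded = split_rundll32(entry["cmd"])
    if loaded is not None:
        dll, export = loaded
        if "\\temp\\" in dll.lower():
            findings.append(("high", "rundll32 loads a DLL from a Temp folder"))
        if ENTRY_RE.match(export):
            findings.append(("high", "rundll32 entry point is an ordinal or a single letter"))
    else:
        first = (entry["cmd"].split(None, 1) or [""])[0].strip('"')
        if first and "\\" not in first:
            # Bare names also occur for legitimate entries in the same log
            # (RtHDVCpl.exe, KHALMNPR.EXE), so this asks for a look, not a verdict.
            findings.append(("review", "executable referenced without a path"))
    return findings


def triage(lines: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each flagged Run value name to its findings, skipping clean lines."""
    report: Dict[str, List[Tuple[str, str]]] = {}
    for line in lines:
        entry = parse_o4(line)
        findings = assess_o4(line)
        if entry is not None and findings:
            report[entry["name"]] = findings
    return report


if __name__ == "__main__":
    for name, found in triage(SAMPLE_O4_LINES).items():
        for severity, reason in found:
            print(f"[{severity:6}] {name}: {reason}")
```

Run against the sample lines, the three rundll32 entries the helper targeted and the path-less "aim.exe" value come out flagged, while the NVIDIA, Bluetooth and Welcome Center rundll32 lines stay clean.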
lolocuste Posts: 17 Registered: Friday 8 June 2007 Status: Member Last activity: 26 May 2008
24 May 2008 at 10:20
Hello, I have just tried another approach with Malwarebytes' Anti-Malware in safe mode and it seems to have cleaned it up properly: I no longer get any errors or Spybot windows opening to ask me about a registry change!! But I will still post all the results you asked for, just in case!

Here is VirusTotal for C:\grldr:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.12.6.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.06 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.05 -
ClamAV 0.91.2 2007.12.06 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 -
eTrust-Vet 31.3.5355 2007.12.05 -
Ewido 4.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.06 -
FileAdvisor 1 2007.12.06 -
Fortinet 3.14.0.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.06 -
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.06 -
NOD32v2 2705 2007.12.05 -
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.05 -
Prevx1 V2 2007.12.06 -
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 -
Information additionnelle
File size: 171136 bytes
MD5: ab82eb839d4f2f29a9b6c09cbeeb269e
SHA1: db48a0f1fed93d83fd1a8ed67c1affb614ce1aa9
PEiD: -


and for C:\bios:
Do I need to submit the 4 files in that folder one by one and post the reports?

In the meantime I am continuing with what you asked and will post it in a little while
0
lolocuste Posts: 17 Registered: Friday 8 June 2007 Status: Member Last activity: 26 May 2008
24 May 2008 at 10:54
Here is the ComboFix report:

ComboFix 08-05-21.3 - Laurent 2008-05-24 10:32:50.3 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1778 [GMT 2:00]
Endroit: C:\Users\Laurent\Desktop\ComboFix.exe
Command switches used :: C:\Users\Laurent\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Users\Laurent\AppData\Local\Temp\ctlhgfjs.dll
C:\Users\Laurent\AppData\Local\Temp\dgvbenob.dll
C:\Windows\System32\aim.exe
C:\Windows\System32\authuitu.dll
C:\Windows\System32\drivers\lvuvc.hs
C:\Windows\System32\vTlIBUKb.dll
C:\Windows\System32\yayYQhFW.dll
.
/wow section non terminée

((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

2008-05-24 10:31 . 2008-05-24 10:31 <REP> d-------- C:\327882R2FWJFW
2008-05-24 09:30 . 2008-05-24 10:26 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
2008-05-23 23:58 . 2008-05-23 23:58 <REP> d-------- C:\Users\Laurent\AppData\Roaming\Malwarebytes
2008-05-23 23:58 . 2008-05-23 23:58 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-23 23:58 . 2008-05-23 23:58 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-23 23:58 . 2008-05-23 23:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 23:58 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-23 23:58 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-23 18:41 . 2008-05-18 12:57 59,904 --a------ C:\Windows\System32\vTlIBUKb.dll
2008-05-23 18:01 . 2008-05-23 21:22 <REP> d-------- C:\Program Files\Trend Micro
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24cd-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000002.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24cd-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000001.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24c9-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000002.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 524,288 --ahs---- C:\ntuser.dat{2ccf24c9-25e1-11dd-a8af-000a940226f2}.TMContainer00000000000000000001.regtrans-ms
2008-05-20 00:06 . 2008-05-20 00:06 262,144 --a------ C:\ntuser.dat
2008-05-20 00:06 . 2008-05-20 00:06 65,536 --ahs---- C:\ntuser.dat{2ccf24cd-25e1-11dd-a8af-000a940226f2}.TM.blf
2008-05-20 00:06 . 2008-05-20 00:06 65,536 --ahs---- C:\ntuser.dat{2ccf24c9-25e1-11dd-a8af-000a940226f2}.TM.blf
2008-05-20 00:06 . 2008-05-20 00:06 5,120 --ah----- C:\ntuser.dat.LOG1
2008-05-20 00:06 . 2008-05-20 00:06 0 --ah----- C:\ntuser.dat.LOG2
2008-05-19 09:38 . 2008-05-19 09:38 <REP> d-------- C:\Users\Laurence\AppData\Roaming\Nero
2008-05-18 12:33 . 2008-05-18 23:44 <REP> d-a------ C:\Users\All Users\TEMP
2008-05-18 12:33 . 2008-05-18 23:44 <REP> d-a------ C:\ProgramData\TEMP
2008-05-17 15:37 . 2008-05-17 15:37 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-05-17 15:35 . 2008-05-17 15:35 <REP> d-------- C:\Users\Laurent\AppData\Roaming\Nero
2008-05-17 15:29 . 2008-05-17 15:29 <REP> d-------- C:\Users\All Users\Nero
2008-05-17 15:29 . 2008-05-17 15:29 <REP> d-------- C:\ProgramData\Nero
2008-05-17 15:29 . 2008-05-17 15:33 <REP> d-------- C:\Program Files\Common Files\Nero
2008-05-17 14:06 . 2008-05-17 14:06 <REP> d-------- C:\Program Files\UltraISO
2008-05-17 14:06 . 2008-05-17 14:06 <REP> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-17 13:54 . 2008-05-17 13:54 <REP> d-------- C:\Windows\WinRAR
2008-05-12 14:51 . 2008-05-12 14:53 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-12 14:51 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-12 14:51 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-12 14:50 . 2008-05-12 14:53 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-04 11:57 . 2008-05-04 11:57 <REP> d-------- C:\Users\Laurence\AppData\Roaming\Yahoo!
2008-05-03 13:14 . 2008-05-03 13:14 <REP> d-------- C:\Program Files\WinASO
2008-05-03 12:08 . 2008-05-03 12:11 <REP> d-------- C:\Program Files\Microsoft Etudes
2008-05-03 12:05 . 2008-05-03 12:05 <REP> d-------- C:\Program Files\Learning Essentials
2008-05-03 12:03 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-05-02 18:04 . 2008-05-02 18:04 <REP> d-------- C:\Program Files\ITE
2008-05-02 18:04 . 2007-05-02 04:09 29,184 --a------ C:\Windows\System32\drivers\iteraid.sys
2008-05-02 17:10 . 2008-05-02 17:11 <REP> d-------- C:\bios
2008-05-02 16:35 . 2008-05-02 16:35 <REP> d-------- C:\Program Files\ScanSoft
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-02 16:34 . 2008-05-02 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-05-02 16:29 . 2008-05-02 16:30 <REP> d-------- C:\Program Files\Microsoft AutoRoute
2008-05-02 15:44 . 2008-05-02 15:45 <REP> d-------- C:\Program Files\Azureus
2008-05-02 13:26 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-02 13:25 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-02 13:24 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-02 13:23 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-02 13:22 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-02 13:22 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-02 13:22 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-02 13:22 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-02 13:22 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-02 13:22 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-02 13:22 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-02 13:22 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-02 13:22 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-02 12:56 . 2008-05-02 12:56 171,136 -rahs---- C:\grldr
2008-04-26 14:04 . 2007-10-12 04:00 3,647,384 --a------ C:\Windows\System32\drivers\lvuvc.sys
2008-04-26 14:04 . 2007-10-12 03:59 1,920,920 --a------ C:\Windows\System32\drivers\lvpopflt.sys
2008-04-26 14:04 . 2007-10-12 03:57 195,096 --a------ C:\Windows\System32\lvci1150.dll
2008-04-26 14:04 . 2007-10-12 03:11 59,500 --a------ C:\Windows\System32\lvcoinst.ini
2008-04-26 14:04 . 2007-10-12 04:00 41,752 --a------ C:\Windows\System32\drivers\LVUSBSta.sys
2008-04-26 14:04 . 2007-10-12 03:18 21,138 --a------ C:\Windows\System32\Repository.reg
2008-04-26 13:17 . 2008-04-26 13:17 <REP> d-------- C:\Users\Laurent\{fb72e7d3-7422-4dd5-baec-bf5704671f39}
2008-04-26 12:48 . 2008-04-26 12:48 <REP> d-------- C:\Users\Laurent\{ed47e128-7ca5-43bd-9f44-dace4a728ddb}
2008-04-26 12:48 . 2008-04-26 12:48 118,784 -r------- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
2008-04-26 12:17 . 2008-04-26 12:17 <REP> d-------- C:\Users\Laurent\{0a0e72ad-18b5-4a02-be38-1172652027ec}
2008-04-26 12:06 . 2008-04-26 12:06 86,400 --a------ C:\Windows\~GLC0000.TMP
2008-04-26 12:06 . 1998-07-09 16:45 28,160 --a------ C:\Windows\UnRgS3E10.exe
2008-04-26 11:56 . 2008-04-26 11:56 <REP> d-------- C:\Users\Laurent\{c317a8e7-b956-499f-b90c-ca1d3a074275}
2008-04-26 11:34 . 2008-04-26 14:26 <REP> d-------- C:\Program Files\Common Files\LogiShrd
2008-04-25 23:42 . 2008-04-25 23:42 1,746 --a------ C:\Windows\unins001.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 08:18 --------- d-----w C:\Users\Laurent\AppData\Roaming\SiteAdvisor
2008-05-23 21:50 --------- d-----w C:\ProgramData\Google Updater
2008-05-20 18:09 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 10:56 --------- d-----w C:\Users\Laurent\AppData\Roaming\Azureus
2008-05-17 16:00 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-17 14:55 --------- d-----w C:\Program Files\SlySoft
2008-05-17 13:29 --------- d-----w C:\Program Files\Nero
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-13 20:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 20:47 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 12:50 --------- d-----w C:\ProgramData\TuneUp Software
2008-05-12 12:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 09:56 --------- d-----w C:\ProgramData\NVIDIA
2008-05-03 11:20 --------- d-----w C:\Program Files\Services en ligne
2008-05-03 10:46 --------- d-----w C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com
2008-05-03 10:46 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-03 10:43 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-03 09:51 --------- d-----w C:\Users\Laurent\AppData\Roaming\uTorrent
2008-05-02 16:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 14:16 --------- d-----w C:\Program Files\MagicISO
2008-05-02 14:09 --------- d-----w C:\Program Files\PowerISO
2008-05-02 12:04 174 --sha-w C:\Program Files\desktop.ini
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Journal
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Defender
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-02 11:53 --------- d-----w C:\Program Files\Windows Calendar
2008-05-02 11:40 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-02 11:40 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-26 12:26 --------- d-----w C:\ProgramData\LogiShrd
2008-04-26 12:26 --------- d-----w C:\Program Files\Logitech
2008-04-26 12:21 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-26 11:09 --------- d-----w C:\ProgramData\Logitech
2008-04-25 20:59 --------- d-----w C:\Program Files\Google
2008-04-18 18:46 --------- d-----w C:\Users\Laurent\AppData\Roaming\Shareaza
2008-04-18 18:46 --------- d-----w C:\Program Files\Shareaza
2008-04-14 20:25 --------- d-----w C:\Program Files\Neuf
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-07 20:08 --------- d-----w C:\Users\Laurent\AppData\Roaming\GigaTribe
2008-04-07 16:37 --------- d-----w C:\Program Files\Picasa2
2008-04-05 11:06 --------- d-----w C:\ProgramData\OrbNetworks
2008-04-05 11:06 --------- d-----w C:\Program Files\Winamp Remote
2008-04-05 10:56 --------- d-----w C:\Program Files\Winamp
2008-03-28 17:52 --------- d-----w C:\ProgramData\Lavasoft
2008-03-28 17:51 --------- d-----w C:\Program Files\Lavasoft
2008-03-28 17:49 --------- d-----w C:\Users\Laurent\AppData\Roaming\Lavasoft
2008-03-28 17:31 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 22:24 93,128 ------w C:\Windows\System32\ElbyCDIO.dll
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
2004-08-05 12:00 626,688 --sha-r C:\Windows\System32\aim.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-23_21.41.18.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 18:19:40 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-24 08:26:59 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-23 18:18:27 2,297 ----a-w C:\Windows\bthservsdp.dat
+ 2008-05-24 08:25:43 2,297 ----a-w C:\Windows\bthservsdp.dat
- 2008-05-23 18:19:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 08:27:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-23 18:19:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-24 08:27:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-23 18:21:56 1,347,584 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-24 08:29:23 1,347,584 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-23 19:34:45 1,363,968 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-24 08:33:16 1,363,968 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-23 18:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 08:27:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-23 18:20:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 08:27:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-23 18:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 08:27:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-23 18:23:08 11,650 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854245398-152049171-839522115-1004_UserData.bin
+ 2008-05-24 08:29:47 11,650 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854245398-152049171-839522115-1004_UserData.bin
- 2008-05-23 18:23:07 64,658 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 08:29:46 64,814 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-23 17:40:44 58,984 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 08:29:43 59,128 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:08 68856]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-08-29 16:42 1008880]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 07:39 3297280]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 15:19 389120]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-26 13:18 36864]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"L07FXLRD_1834812"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.exe" [2006-06-13 18:11 351000]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 04:34 1649600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 13:37 4186112 C:\Windows\RtHDVCpl.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Microsoft Windows Update x86"="aim.exe" [2004-08-05 14:00 626688 C:\Windows\System32\aim.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-25 22:57 29744]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-01-19 09:32 990208 C:\Windows\System32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GigaTribe.lnk - C:\Program Files\GigaTribe\gigatribe.exe [2008-02-14 21:25:12 1077248]
Widget GAME ONE.lnk - C:\Users\Laurent\Documents\Widget GAME ONE\Widget GAME ONE.exe [2008-01-02 17:02:16 383020]
XBLFriends.lnk - C:\Program Files\XBLFriends\XBLFriends.exe [2007-10-23 22:21:10 450560]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2007-05-31 23:40:21 73728]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-26 13:18:57 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-01 01:29:52 692224]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-16 20:08:38 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Domain"= TCP:10284:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10283:UDP-Domain"= TCP:10283:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10282:UDP-Domain"= TCP:10282:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10281:UDP-Domain"= TCP:10281:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10280:UDP-Domain"= TCP:10280:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10243:TCP-Domain"= UDP:10243:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"C:\\Program Files\\TribalWeb\\tribalweb.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\TribalWeb\tribalweb.exe:tribalweb
"C:\\Program Files\\TribalWeb\\tribalweb.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\TribalWeb\tribalweb.exe:tribalweb
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:Apache HTTP Server
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:Apache HTTP Server
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\\Program Files\\Azureus\\Azureus.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Azureus\Azureus.exe:Azureus
"C:\\Program Files\\Azureus\\Azureus.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Azureus\Azureus.exe:Azureus
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Standard"= TCP:10284:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10283:UDP-Standard"= TCP:10283:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10282:UDP-Standard"= TCP:10282:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10281:UDP-Standard"= TCP:10281:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10280:UDP-Standard"= TCP:10280:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"10243:TCP-Standard"= UDP:10243:LocalSubnet:LocalSubnet:Service Partage réseau du Lecteur Windows Media
"TCP Query User{3F6D4FEF-3EE1-49C1-A9DD-8D75ED290C12}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1846B357-DD1C-44DB-A4DA-4437925FBBF9}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{A6549D30-E270-49AF-AE17-64E5DCF92F7E}C:\\users\\laurent\\desktop\\utorrent.exe"= UDP:C:\users\laurent\desktop\utorrent.exe:utorrent.exe
"UDP Query User{CD17746E-429E-4159-95F8-8FAD507C3D28}C:\\users\\laurent\\desktop\\utorrent.exe"= TCP:C:\users\laurent\desktop\utorrent.exe:utorrent.exe
"TCP Query User{7B3F40A5-868C-4ACD-8560-4C6C8A279815}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{53E38EC4-613F-4F6F-B48B-369407A941E2}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{634C33F6-1BE9-40DC-AC42-158F263427DB}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{3DD7ED4A-A037-4F68-B9C7-23D246E89DFE}C:\\users\\laurent\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\laurent\program files\utorrent\utorrent.exe:utorrent.exe
"{3D757554-C7D6-4D97-984F-06ACB160217F}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{8F97A477-472C-4902-AA42-017469A70BB0}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{D92DD346-53D5-4275-823C-AEA1C08D31D9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{8BBE429B-BB2B-4677-880B-D83B0E3DDE4B}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{AE753650-09FC-4318-8771-42FAB7324A96}C:\\program files\\sierra on-line\\sigspat.exe"= UDP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"UDP Query User{E4E0091C-EB11-475D-86B9-D709CFEBE2AF}C:\\program files\\sierra on-line\\sigspat.exe"= TCP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"TCP Query User{393C5219-339A-477F-AEC9-CA96A55FD6C9}C:\\program files\\sierra on-line\\sigspat.exe"= UDP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"UDP Query User{B8E4256D-9B23-45CB-8686-D007A8C448F6}C:\\program files\\sierra on-line\\sigspat.exe"= TCP:C:\program files\sierra on-line\sigspat.exe:SIGSPat
"TCP Query User{169A24BB-B7E1-4EEC-86F3-A82A1B5F8988}C:\\sierra\\counter-strike\\cstrike.exe"= UDP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"UDP Query User{8DEEF9B7-FC5B-466D-8886-545A39C4124F}C:\\sierra\\counter-strike\\cstrike.exe"= TCP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"TCP Query User{D25952EC-C57D-42AD-8821-2D49B4FF8737}C:\\sierra\\counter-strike\\cstrike.exe"= UDP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"UDP Query User{1243D75F-29C8-416D-884B-2FDBA3B1711B}C:\\sierra\\counter-strike\\cstrike.exe"= TCP:C:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"{A7AE2926-F0F3-4979-B827-9091A34E69DA}"= UDP:C:\Program Files\XBLFriends\XBLFriends.exe:XBLFriends
"{5628FC70-84F5-4B6A-8FD7-B09F2F47030C}"= TCP:C:\Program Files\XBLFriends\XBLFriends.exe:XBLFriends
"{B3870F46-1303-468A-A82C-27CA83CF3711}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{7A10F75A-0ECF-444E-8A88-5586D9AF9111}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{CCB16A56-91A8-4940-90E0-236E2CC9943B}"= UDP:C:\Program Files\Neuf\Media Center\MediaCenter.exe:Charger le Media Center
"{27E399E3-9A8C-4A9B-9373-43BBD88A2B76}"= TCP:C:\Program Files\Neuf\Media Center\MediaCenter.exe:Charger le Media Center
"{0F016011-4C94-482E-85AE-7259F4A568F1}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BB888F65-B6D7-44FA-8FD0-525CC1E05AE6}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CBA2FE60-43E0-4AD7-AC27-9F7DDDB50655}"= UDP:C:\Program Files\Windows Mail\WinMail.exe:Windows Mail
"{193D2ACE-0723-47B8-BFC6-E5AB84A3860D}"= TCP:C:\Program Files\Windows Mail\WinMail.exe:Windows Mail
"TCP Query User{EDAA6525-454E-45C6-A8DD-F55A254442B7}C:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{2028CD0F-EAD3-4D34-B5B1-6C842BE130A3}C:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{1B7AAE64-FCA6-4553-9696-8FE34981AEE3}C:\\program files\\winamp remote\\bin\\orb.exe"= UDP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"UDP Query User{39681623-CFB6-492C-957F-3D815D838CAD}C:\\program files\\winamp remote\\bin\\orb.exe"= TCP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"TCP Query User{5132AE98-785A-48C9-A9C1-4F0249F4FC89}C:\\program files\\winamp remote\\bin\\orbir.exe"= UDP:C:\program files\winamp remote\bin\orbir.exe:
"UDP Query User{621873FD-D873-465F-96E5-018F92FE11CD}C:\\program files\\winamp remote\\bin\\orbir.exe"= TCP:C:\program files\winamp remote\bin\orbir.exe:
"TCP Query User{28740282-FB28-4A9D-9025-42EBF946086E}C:\\program files\\winamp remote\\bin\\orbstreamerclient.exe"= UDP:C:\program files\winamp remote\bin\orbstreamerclient.exe:ORB Windows Media stream encoding client
"UDP Query User{160D91CD-F160-46B1-A29B-20E0EC06B5DA}C:\\program files\\winamp remote\\bin\\orbstreamerclient.exe"= TCP:C:\program files\winamp remote\bin\orbstreamerclient.exe:ORB Windows Media stream encoding client
"{82721D35-60DB-429F-847F-0C3403541676}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3E455167-9D9A-4C76-9733-442D37EE2B5D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{911D3F7D-3139-4E87-BC71-D617F41B8E5F}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{679887B1-F87D-4ADE-95A9-1F06BD58C231}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"{DFA4E801-209B-4743-AD56-3D5A25FAED5C}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{0550E2E2-1D65-4F14-9EF7-74134D600C54}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{3FE36F6C-9D4F-4C26-9879-E1D54A8187D0}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{D59B9DF3-D779-4157-BEDC-49991FA47326}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{A7E3A32B-83CB-4648-9D94-65C9FBD88A93}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{2016CB19-CEC8-4673-8311-F28122259AEB}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{3F363592-01E8-404E-9503-3B60FF6B5DF1}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{91466022-D7F5-4680-A9A9-D0D3FDDBC1C5}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"TCP Query User{DFA6AC9F-968F-491E-AF6F-774948E24D2A}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{6D2BC016-9B65-4F9F-BFC0-51DB0FE8B60F}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"TCP Query User{7971FF39-9AF7-4E4E-8FD1-76488DB5403F}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{037CC863-B4C0-4594-A1EF-FBF51C4D0FAE}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{8CDBB72B-624A-46C4-AFF9-5AC5ECDF4AB7}C:\\program files\\gigatribe\\gigatribe.exe"= UDP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"UDP Query User{260C8925-EA9A-42B2-A99F-BEA3483BED8F}C:\\program files\\gigatribe\\gigatribe.exe"= TCP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"TCP Query User{FF5AE95D-9C59-4A74-BA93-FCB0B330274F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{C1640C5E-0821-4469-9E0D-AFC024B6D065}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{7DE2688A-BB80-4420-93C4-3C67DEA30D63}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9D7588EC-B5D8-4F63-9710-2BDFF7F87621}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{0AA86402-BCED-4192-BA15-D57E5D9C09AE}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{1A6AB250-3164-43F8-A9CF-AFDE4AEDB525}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{1CF93DE3-85D3-4886-9B6E-3E73557FAD29}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{951B0912-711D-4028-A3C7-33918B8AB0F0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{98EB5FC7-EFCF-432F-BAFE-95E9DA397F0B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{59CDE9A5-B519-4AB3-9ACF-98CDEF46F311}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{131378FB-6AC1-4D03-B7A7-6A87AFE3FBD9}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{EBAFA4F2-DBC0-49E3-B639-D0E82A0D4DD8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{714C16E0-6405-4B05-AA7B-5EC3C1D42B43}F:\\creativesfiles\\shareaza.exe"= UDP:F:\creativesfiles\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{1D815FF9-8155-4622-A7A3-79719EE1FBF3}F:\\creativesfiles\\shareaza.exe"= TCP:F:\creativesfiles\shareaza.exe:Shareaza Ultimate File Sharing
"{BE489B15-0DDF-46A8-9EC8-956854F68C59}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F222FB66-94DB-4122-BFFE-06C229D9DF2A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DD201A3B-F6B3-4DA3-B322-F4E6743C3B67}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9E5B2223-F28B-4114-B720-BD1102120A53}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{B5A48021-F3FB-48FC-A526-17E2AA3493DB}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{923F6EC8-F039-410A-927D-4A273CDABE9B}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{8DB92479-263F-43BD-9BAF-08EAEC56CAEB}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{75F56828-7FCC-463B-93E9-E9C4F0A21C7D}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\Azureus\\Azureus.exe"= C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
"C:\\Program Files\\Shareaza\\Shareaza.exe"= C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
"C:\\Program Files\\TribalWeb\\tribalweb.exe"= C:\Program Files\TribalWeb\tribalweb.exe:*:Enabled:tribalweb
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;C:\Windows\system32\DRIVERS\hextun.sys [2007-12-20 05:02]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-15 16:45]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-25 22:57]
S3 gw6c;Hexago Gateway6 Client;C:\Program Files\Hexago\Gateway6 Client\gw6c.exe [2007-12-20 05:02]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-12 14:53]
S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 07:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WudfServiceGroup REG_MULTI_SZ WUDFSvc
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 08:27:10 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-01-31 22:12:14 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-23 19:53:13 C:\Windows\Tasks\User_Feed_Synchronization-{CD229FDC-4450-49F4-BE0E-DEFC4596C43B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 10:33:42
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-05-24 10:41:33
ComboFix-quarantined-files.txt 2008-05-24 08:40:25
ComboFix2.txt 2008-05-23 19:42:35

Pre-Run: 31,297,712,128 octets libres
Post-Run: 31,266,418,688 octets libres

445 --- E O F --- 2008-05-23 15:40:45


and HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:33, on 24/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows Update x86] aim.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [L07FXLRD_1834812] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: Widget GAME ONE.lnk = ?
O4 - Startup: XBLFriends.lnk = C:\Program Files\XBLFriends\XBLFriends.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F247AD9-260A-4EBB-9B12-1D7D24B314D9}: NameServer = 192.168.30.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
0
haduss Posts 239 Registered Tuesday 8 April 2008 Status Member Last activity 31 July 2013 43
23 May 2008 at 03:11
Download Stinger from telecharger.com, it's free; run a quick scan and it should normally remove it.
0

Le sioux Posts 4894 Registered Sunday 27 May 2007 Status Security contributor Last activity 6 March 2023 495
24 May 2008 at 00:01
Hello Lolocuste

I'm looking at your reports and will tell you what to do later.

To be continued.
0
Le sioux Posts 4894 Registered Sunday 27 May 2007 Status Security contributor Last activity 6 March 2023 495
25 May 2008 at 02:04
Good evening Lolocuste

Having used Malwarebytes' Anti-Malware skews the data; I would have had you use it, but only after running the CFScript and checking the new ComboFix report ...

I'll look at your reports and tell you what to do next.

See you later.
0
lolocuste Posts 17 Registered Friday 8 June 2007 Status Member Last activity 26 May 2008
26 May 2008 at 01:05
Good evening Le Sioux,

Sorry, I'm a bit of a novice at this; if you want, we can start over from the beginning, that might be just as simple? In any case, for your information, my PC seems to be OK for the moment, Avast still isn't showing any virus, so I'm waiting for your instructions, thanks again!
0
Le sioux Posts 4894 Registered Sunday 27 May 2007 Status Security contributor Last activity 6 March 2023 495
26 May 2008 at 08:19
Hello Lolocuste

No problem, we'll carry on like this; however, I'd like the Malwarebytes' Anti-Malware report please.

Use this tutorial to find it (at the end of the tutorial ;) )

Malwarebytes' Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

It's a good passive scanner you can keep, with which you can do a weekly cleanup, not forgetting to do a manual update before running the scan.

Empty its quarantine:
Click on the Malwarebytes' Anti-Malware shortcut, then on Quarantine, and click "Delete all"

Then

1) Disable User Account Control (you'll re-enable it after the disinfection):

- Go to Start then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.

A restart will be required.

ComboFix with CFScript:

* Select the following text (in bold) in its entirety:

Driver::
lvuvc

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Update x86"=-

File::
C:\Windows\System32\drivers\lvuvc.hs
C:\Windows\System32\vTlIBUKb.dll
C:\Windows\System32\authuitu.dll
C:\Windows\System32\aim.exe
C:\Users\Laurent\{fb72e7d3-7422-4dd5-baec-bf5704671f39}
C:\Users\Laurent\{ed47e128-7ca5-43bd-9f44-dace4a728ddb}
C:\Users\Laurent\{0a0e72ad-18b5-4a02-be38-1172652027ec}
C:\Users\Laurent\{c317a8e7-b956-499f-b90c-ca1d3a074275}

* Copy the selected text (CTRL+C).
* Open Notepad (Start / All Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file on your Desktop under the name CFScript.txt

/!\ Disconnect from the internet and disable your antivirus so that ComboFix can run normally. /!\

Drag and drop this CFScript file onto the ComboFix.exe file (on your Desktop)

Like here http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* A blue window will appear: at the message Type 1 to continue, or 2 to abort, type 1 then confirm.

* Wait while the scan runs. The Desktop will disappear several times: that's normal!

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents and a new HijackThis report

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet. /!\

(If the file doesn't open, it is located here > C:\ComboFix.txt )

To be continued
0
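As an added example (not code from this thread, nor from HijackThis or ComboFix), here is a small Python triage of the O4 autorun lines in the HijackThis log above: it flags the `[Microsoft Windows Update x86] aim.exe` entry that the CFScript later removes, and drafts the matching Registry:: stanza in the format used in the post. The sample lines are copied from the log; the KNOWN_BARE set and the two heuristics are my assumptions, not rules from the tools.

```python
import re
# Matches one HijackThis O4 Run line: hive, entry name, command.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Bare-name autoruns expected on this box (assumption: trimmed to the
# legitimate names that appear in the log above).
KNOWN_BARE = {'rthdvcpl.exe', 'khalmnpr.exe', 'rundll32.exe'}
IMPERSONATION_WORDS = ('microsoft', 'windows update')
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER', 'HKUS': 'HKEY_USERS'}

# Sample input, constructed from O4 lines of the HijackThis log above.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe',
    r'O4 - HKLM\..\Run: [Microsoft Windows Update x86] aim.exe',
    r'O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart',
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')",
]

def parse_o4(line):
    """Split an O4 line into hive, name, command and the executable token."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    cmd = entry['cmd'].strip()
    if cmd.startswith('"'):               # quoted path, may contain spaces
        entry['exe'] = cmd[1:cmd.find('"', 1)]
    else:                                 # otherwise the first token
        entry['exe'] = cmd.split(' ', 1)[0]
    return entry

def triage(lines):
    """Return the O4 entries that deserve a second look, with the reasons."""
    findings = []
    for line in lines:
        e = parse_o4(line)
        if e is None:
            continue
        exe, name = e['exe'], e['name'].lower()
        base = exe.rsplit('\\', 1)[-1].lower()
        reasons = []
        # A bare filename is resolved through the PATH at logon, so a copy
        # dropped into System32 (the case in this thread) runs unnoticed.
        if ':' not in exe and not exe.startswith('%') and base not in KNOWN_BARE:
            reasons.append('bare filename resolved via PATH')
        # A Microsoft-sounding value name pointing at a non-Microsoft binary.
        if any(w in name for w in IMPERSONATION_WORDS) and \
                'microsoft' not in exe.lower() and '\\windows\\' not in exe.lower():
            reasons.append('Microsoft-looking name, non-Microsoft binary')
        if reasons:
            findings.append({'hive': e['hive'], 'name': e['name'], 'exe': exe, 'reasons': reasons})
    return findings

def cfscript_registry_stanza(finding):
    """Draft the Registry:: block that deletes one Run value, in the post's CFScript format."""
    root, _, sid = finding['hive'].partition('\\')
    hive = HIVES[root] + ('\\' + sid if sid else '')
    return 'Registry::\n[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"%s"=-' % (hive, finding['name'])

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['name'], '->', f['exe'], ';', ', '.join(f['reasons']), '\n' + cfscript_registry_stanza(f))
```

The File:: part of the script still needs the resolved path of the flagged binary, which the helper in the thread took from the ComboFix report rather than from the bare name.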